You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by "Kirk Kosinski (JIRA)" <ji...@apache.org> on 2012/10/19 20:53:11 UTC
[jira] [Created] (CLOUDSTACK-400) Document procedure to update
CloudStack MySQL account password
Kirk Kosinski created CLOUDSTACK-400:
----------------------------------------
Summary: Document procedure to update CloudStack MySQL account password
Key: CLOUDSTACK-400
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-400
Project: CloudStack
Issue Type: Improvement
Components: Doc
Affects Versions: 4.0.0
Reporter: Kirk Kosinski
Priority: Minor
An administrator may occasionally want to change the password for the MySQL account used by CloudStack. When password encryption is used as recommended, this procedure is complicated and should be documented. I wrote the following procedure for the "file" encryption type and QA verified it. The procedure for "web" encryption is likely similar. It may also be useful to include a procedure for no encryption.
1. Stop CloudStack and (if applicable) the usage engine.
service cloud-management stop
service cloud-usage stop
2. Update the password for the CloudStack user on the MySQL server. Open a
MySQL prompt:
mysql -u root -p
Run the following:
update mysql.user set password=PASSWORD("newpassword123") where User='cloud';
flush privileges;
And exit the prompt:
quit
3. Encrypt the password and copy the resulting ciphertext:
java -classpath /usr/share/java/cloud-jasypt-1.8.jar
org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI encrypt.sh
input="newpassword123" password="`cat /etc/cloud/management/key`" verbose=false
Note: If using db.cloud.encryption.type=web, use:
password="management_server_secret_key"
4. Update /etc/cloud/management/db.properties with the new ciphertext:
db.cloud.password=ENC(encrypted_password_from_above)
db.usage.password=ENC(encrypted_password_from_above)
5. Start CloudStack and (if applicable) the usage engine.
service cloud-management start
service cloud-usage start
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CLOUDSTACK-400) Document procedure to update
CloudStack MySQL account password
Posted by "Joe Brockmeier (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-400?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joe Brockmeier updated CLOUDSTACK-400:
--------------------------------------
Assignee: Joe Brockmeier (was: Radhika Nair)
> Document procedure to update CloudStack MySQL account password
> --------------------------------------------------------------
>
> Key: CLOUDSTACK-400
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-400
> Project: CloudStack
> Issue Type: Improvement
> Components: Doc
> Affects Versions: 4.0.0
> Reporter: Kirk Kosinski
> Assignee: Joe Brockmeier
> Priority: Minor
> Labels: adminguide, database, mysql
>
> An administrator may occasionally want to change the password for the MySQL account used by CloudStack. When password encryption is used as recommended, this procedure is complicated and should be documented. I wrote the following procedure for the "file" encryption type and QA verified it. The procedure for "web" encryption is likely similar. It may also be useful to include a procedure for no encryption.
> 1. Stop CloudStack and (if applicable) the usage engine.
> service cloud-management stop
> service cloud-usage stop
> 2. Update the password for the CloudStack user on the MySQL server. Open a
> MySQL prompt:
> mysql -u root -p
> Run the following:
> update mysql.user set password=PASSWORD("newpassword123") where User='cloud';
> flush privileges;
> And exit the prompt:
> quit
> 3. Encrypt the password and copy the resulting ciphertext:
> java -classpath /usr/share/java/cloud-jasypt-1.8.jar
> org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI encrypt.sh
> input="newpassword123" password="`cat /etc/cloud/management/key`" verbose=false
> Note: If using db.cloud.encryption.type=web, use:
> password="management_server_secret_key"
> 4. Update /etc/cloud/management/db.properties with the new ciphertext:
> db.cloud.password=ENC(encrypted_password_from_above)
> db.usage.password=ENC(encrypted_password_from_above)
> 5. Start CloudStack and (if applicable) the usage engine.
> service cloud-management start
> service cloud-usage start
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (CLOUDSTACK-400) Document procedure to update
CloudStack MySQL account password
Posted by "Radhika Nair (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-400?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Radhika Nair reassigned CLOUDSTACK-400:
---------------------------------------
Assignee: Radhika Nair
> Document procedure to update CloudStack MySQL account password
> --------------------------------------------------------------
>
> Key: CLOUDSTACK-400
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-400
> Project: CloudStack
> Issue Type: Improvement
> Components: Doc
> Affects Versions: 4.0.0
> Reporter: Kirk Kosinski
> Assignee: Radhika Nair
> Priority: Minor
> Labels: adminguide, database, mysql
>
> An administrator may occasionally want to change the password for the MySQL account used by CloudStack. When password encryption is used as recommended, this procedure is complicated and should be documented. I wrote the following procedure for the "file" encryption type and QA verified it. The procedure for "web" encryption is likely similar. It may also be useful to include a procedure for no encryption.
> 1. Stop CloudStack and (if applicable) the usage engine.
> service cloud-management stop
> service cloud-usage stop
> 2. Update the password for the CloudStack user on the MySQL server. Open a
> MySQL prompt:
> mysql -u root -p
> Run the following:
> update mysql.user set password=PASSWORD("newpassword123") where User='cloud';
> flush privileges;
> And exit the prompt:
> quit
> 3. Encrypt the password and copy the resulting ciphertext:
> java -classpath /usr/share/java/cloud-jasypt-1.8.jar
> org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI encrypt.sh
> input="newpassword123" password="`cat /etc/cloud/management/key`" verbose=false
> Note: If using db.cloud.encryption.type=web, use:
> password="management_server_secret_key"
> 4. Update /etc/cloud/management/db.properties with the new ciphertext:
> db.cloud.password=ENC(encrypted_password_from_above)
> db.usage.password=ENC(encrypted_password_from_above)
> 5. Start CloudStack and (if applicable) the usage engine.
> service cloud-management start
> service cloud-usage start
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CLOUDSTACK-400) Document procedure to update
CloudStack MySQL account password
Posted by "Joe Brockmeier (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13489216#comment-13489216 ]
Joe Brockmeier commented on CLOUDSTACK-400:
-------------------------------------------
Hi Kirk,
What area(s) of the documentation do you think this is appropriate for? (Admin guide?)
Thanks,
Joe
> Document procedure to update CloudStack MySQL account password
> --------------------------------------------------------------
>
> Key: CLOUDSTACK-400
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-400
> Project: CloudStack
> Issue Type: Improvement
> Components: Doc
> Affects Versions: 4.0.0
> Reporter: Kirk Kosinski
> Assignee: Radhika Nair
> Priority: Minor
> Labels: adminguide, database, mysql
>
> An administrator may occasionally want to change the password for the MySQL account used by CloudStack. When password encryption is used as recommended, this procedure is complicated and should be documented. I wrote the following procedure for the "file" encryption type and QA verified it. The procedure for "web" encryption is likely similar. It may also be useful to include a procedure for no encryption.
> 1. Stop CloudStack and (if applicable) the usage engine.
> service cloud-management stop
> service cloud-usage stop
> 2. Update the password for the CloudStack user on the MySQL server. Open a
> MySQL prompt:
> mysql -u root -p
> Run the following:
> update mysql.user set password=PASSWORD("newpassword123") where User='cloud';
> flush privileges;
> And exit the prompt:
> quit
> 3. Encrypt the password and copy the resulting ciphertext:
> java -classpath /usr/share/java/cloud-jasypt-1.8.jar
> org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI encrypt.sh
> input="newpassword123" password="`cat /etc/cloud/management/key`" verbose=false
> Note: If using db.cloud.encryption.type=web, use:
> password="management_server_secret_key"
> 4. Update /etc/cloud/management/db.properties with the new ciphertext:
> db.cloud.password=ENC(encrypted_password_from_above)
> db.usage.password=ENC(encrypted_password_from_above)
> 5. Start CloudStack and (if applicable) the usage engine.
> service cloud-management start
> service cloud-usage start
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CLOUDSTACK-400) Document procedure to update
CloudStack MySQL account password
Posted by "Kirk Kosinski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13489268#comment-13489268 ]
Kirk Kosinski commented on CLOUDSTACK-400:
------------------------------------------
Hi, Joe. Yes, I think it should go in the admin guide. My copy has a "Changing the Database Configuration" section which seems like a good fit to me.
> Document procedure to update CloudStack MySQL account password
> --------------------------------------------------------------
>
> Key: CLOUDSTACK-400
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-400
> Project: CloudStack
> Issue Type: Improvement
> Components: Doc
> Affects Versions: 4.0.0
> Reporter: Kirk Kosinski
> Assignee: Joe Brockmeier
> Priority: Minor
> Labels: adminguide, database, mysql
>
> An administrator may occasionally want to change the password for the MySQL account used by CloudStack. When password encryption is used as recommended, this procedure is complicated and should be documented. I wrote the following procedure for the "file" encryption type and QA verified it. The procedure for "web" encryption is likely similar. It may also be useful to include a procedure for no encryption.
> 1. Stop CloudStack and (if applicable) the usage engine.
> service cloud-management stop
> service cloud-usage stop
> 2. Update the password for the CloudStack user on the MySQL server. Open a
> MySQL prompt:
> mysql -u root -p
> Run the following:
> update mysql.user set password=PASSWORD("newpassword123") where User='cloud';
> flush privileges;
> And exit the prompt:
> quit
> 3. Encrypt the password and copy the resulting ciphertext:
> java -classpath /usr/share/java/cloud-jasypt-1.8.jar
> org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI encrypt.sh
> input="newpassword123" password="`cat /etc/cloud/management/key`" verbose=false
> Note: If using db.cloud.encryption.type=web, use:
> password="management_server_secret_key"
> 4. Update /etc/cloud/management/db.properties with the new ciphertext:
> db.cloud.password=ENC(encrypted_password_from_above)
> db.usage.password=ENC(encrypted_password_from_above)
> 5. Start CloudStack and (if applicable) the usage engine.
> service cloud-management start
> service cloud-usage start
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira